* Casey Schaufler (casey@schaufler-ca.com) wrote:
> --- Chris Wright <chrisw@private> wrote:
> > We store labels as extended attributes in a reserved
> > namespace
> > ("security."). Thus a mac_get_file() is simply a
> > library wrapper
> > around getxattr. The namespace for security labels
> > is reserved and
> > security checks for those labels are handled by the
> > security modules.
>
> So if ls calls mac_get_file the security module
> identifies the namespace as one with specific
> rules and treats the information with reverence
> appropropriate to the namespace. But are ACLs
> and Sensitivity Labels treated the same, or
> as appropriate to each?
Separate namespace, so appropriate for each.
> > I don't see what exactly you are taking issue with.
>
> I'm not, for a change. Simply describing how
> Trix does it.
Heh, alright.
thanks,
-chris
This archive was generated by hypermail 2.1.3 : Mon Jul 25 2005 - 21:34:30 PDT